Pizza chain exposed 100,000 employees' Social Security numbers

California Pizza Kitchen store

Restaurant chain California Pizza Kitchen has exposed over 100,000 current and former employees' data to potential theft, the company admitted this week. The data at risk included staff names and Social Security numbers.

The data breach filing with the Maine Attorney General reported a total of 103,767 affected people, including eight residents of that state. The filing said the company discovered suspicious activity in its computing environment on September 15 and launched an investigation.

On October 4, it confirmed hackers could have accessed some files and then discovered the extent of the data theft by October 13.

The data that might have been compromised included names and Social Security numbers, the company said.

"There is no indication that individuals’ specific information was accessed or misused," said the document. "However, CPK is notifying all potentially impacted individuals out of an abundance of caution."

The company is offering a year of credit monitoring to those whose data might have been stolen.


Protecting every edge to make hackers’ jobs harder, not yours

How to support and secure hybrid architectures


The Costa Mesa, California-based restaurant chain has nearly 200 restaurants across eight countries. Last month, it announced its expansion into Canada. The company, which filed for bankruptcy protection at the height of the pandemic last year, was reportedly considering a sale or IPO to refinance debt in July this year.

While the US still lacks a federal data breach notification law, each state has passed legislation requiring private businesses to notify individuals when their information is breached. Some, such as California and Virginia, have gone further with strict data protection laws that impose penalties for mishandling of personal data.

In June, Senator Kirsten Gillibrand (D-NY) introduced a bill to create a federal data privacy regulator.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.